diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2012-03-23 07:40:41 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-03-26 20:17:34 -0400 |
| commit | 5cbc9c54df1165ded8c2b6991c589906fdb96833 (patch) | |
| tree | 2286456a04f65128e755094c5de6be353596d8dd | |
| parent | c17a91ef5853603cc64ab2916cf1c8cc278fc159 (diff) | |
| download | sssd-5cbc9c54df1165ded8c2b6991c589906fdb96833.tar.gz sssd-5cbc9c54df1165ded8c2b6991c589906fdb96833.tar.xz sssd-5cbc9c54df1165ded8c2b6991c589906fdb96833.zip | |
LDAP: Fix memory leaks in synchronous_tls_setup
We were never freeing "result" if it was allocated by
ldap_result(). We were also not freeing "errmsg" if it was
allocated but ldap_parse_result() returned an error.
Also disambiguate error messages from ldap_parse_result() and
error messages from sss_ldap_get_diagnostic_msg() since they use
differing memory-management functions.
| -rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 4932465a1..02963f327 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -1620,7 +1620,8 @@ static int synchronous_tls_setup(LDAP *ldap) int ldaperr; int msgid; char *errmsg = NULL; - LDAPMessage *result; + char *diag_msg; + LDAPMessage *result = NULL; TALLOC_CTX *tmp_ctx; DEBUG(4, ("Executing START TLS\n")); @@ -1630,11 +1631,11 @@ static int synchronous_tls_setup(LDAP *ldap) lret = ldap_start_tls(ldap, NULL, NULL, &msgid); if (lret != LDAP_SUCCESS) { - optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &errmsg); + optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg); if (optret == LDAP_SUCCESS) { DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n", - sss_ldap_err2string(lret), errmsg)); - sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg); + sss_ldap_err2string(lret), diag_msg)); + sss_log(SSS_LOG_ERR, "Could not start TLS. %s", diag_msg); } else { DEBUG(3, ("ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret))); sss_log(SSS_LOG_ERR, "Could not start TLS. " @@ -1661,7 +1662,6 @@ static int synchronous_tls_setup(LDAP *ldap) DEBUG(3, ("START TLS result: %s(%d), %s\n", sss_ldap_err2string(ldaperr), ldaperr, errmsg)); - ldap_memfree(errmsg); if (ldap_tls_inplace(ldap)) { DEBUG(9, ("SSL/TLS handler already in place.\n")); @@ -1672,11 +1672,11 @@ static int synchronous_tls_setup(LDAP *ldap) lret = ldap_install_tls(ldap); if (lret != LDAP_SUCCESS) { - optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &errmsg); + optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg); if (optret == LDAP_SUCCESS) { DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n", - sss_ldap_err2string(lret), errmsg)); - sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", errmsg); + sss_ldap_err2string(lret), diag_msg)); + sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", diag_msg); } else { DEBUG(3, ("ldap_install_tls failed: [%s]\n", sss_ldap_err2string(lret))); @@ -1689,6 +1689,8 @@ static int synchronous_tls_setup(LDAP *ldap) lret = LDAP_SUCCESS; done: + if (result) ldap_msgfree(result); + if (errmsg) ldap_memfree(errmsg); talloc_zfree(tmp_ctx); return lret; } |